I'm trying to make Spring Security permit access to static resources to all users, but for now nothing works.
When I used jsp in previous project, the solution was simple:
http
.authorizeRequests()
.antMatchers("/static/**").permitAll()
.anyRequest().authenticated()
Static folder was placed inside webapp folder which was the root folder and was easily detected by Spring Security. Now, because of Thymeleaf, there is no webapp folder and all the static folders are placed into src/main/resources. I have no idea, how to create antMatcher for something that is inside resources folder... I tried that:
http
.authorizeRequests()
.antMatchers("resources:/static/**").permitAll()
.anyRequest().authenticated()
It never worked. What is the solution?
ps. I have seen a statement that Spring Boot + Spring Security allows this intra-resources access by default, but it does not.
The solution is found. For my folder structure src/main/resource/static/css I should have used
.antMatchers("/css/**").permitAll()
instead of
.antMatchers("/static/**").permitAll()
Check my answer there: Spring boot mapping static html
Basically you have to add resource handlers by extending WebMvcConfigurerAdapter to map http://yoursite/static_url_prefix to your static_app_dir directory in your resources directory.
#Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/static_url_prefix/**").addResourceLocations("classpath:/static_app_dir/");
super.addResourceHandlers(registry);
}
This will intercept all request coming to http://yoursite/static_url_prefix and return results from classpath://static_app_dir in your jar file or from /resources/static_app_dir when running application from your IDE.
Spring security can be configured as before as it has nothing to do with it i.e. your first code example seems correct.
Related
I have a Spring Boot application (2.2.6.RELEASE) that uses ReactJs as a frontend library.
I have configured in application.properties a custom context-path and spring.mvc properties like so:
server.servlet.context-path=/gui
spring.mvc.view.prefix: /static/dist/
spring.mvc.view.suffix: .html
spring.mvc.static-path-pattern=/static/**
Webpack is used to build bundles and an index.html into src/main/resources/static/dist. Here is how the project structure looks like:
I need to be able to access index.html from
localhost:8080/gui
with these settings but for some reason it does not pick it up. However if I try with
localhost:8080/gui/static/dist/index.html
the resource is reached. How do I configure Spring to serve the resources as I would like to?
#Oleh Kurpiak answer was correct. Using spring.resources.static-locations=classpath:/static/dist/ helped out.
I have to provide static .js files through a JAR project.
For this I created a JAR(using MAVEN) which looks like:
parent
|--com
|--META-INF
|--webapp
|--resources
|--js
|--myjs.js
Now, I added this JAR to my parent spring-boot project and in one of the JSPs added
<script src="resources/js/myjs.js"></script>
This gives me a 404 error.
My conclusion: Either the boot project does not merge webapp folders from JARs into its own webapp or I am accessing the file incorrectly.
These questions did not help(cannot change WebMvcConfigurerAdapter and java code is strictly not allowed ):
SpringBoot - accessing a file inside resources folder
Serve static resources within jar files by Spring boot
Usually, such things are handled using overlays but that would be and overkill for a simple use case.
Your webapp folder is secured folder.You cannot access files directly inside it.
You need to permit all your incoming requests of js and other static files as following:-
#Configuration
#EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
#Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/", "/js/**", "/css/**").permitAll();
http.csrf().disable();
}
}
I'm trying to link a HTML page to my Spring boot application.
I've connected a SQL DB to it, and have set up the needed controllers, but cannot map the HTML page to the local host.
Here is the GIT for the project.
https://github.com/ThierryLucDenichaud/SpringBoot_SQL_SPRING_HTML.git
Create a configuration file that look like the following:
#Configuration
public class WebMvcConfiguration extends WebMvcConfigurerAdapter {
#Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/").setViewName("indexPage.html");
registry.setOrder(Ordered.HIGHEST_PRECEDENCE);
}
}
This will create a default controller for serving your index.html on /.
A little recommendation, change indexPage.html to index.html and also setViewName("indexPage.html") to setViewName("index.html") as index.html is usually the default in most systems and frameworks.
EDIT
I just noticed your public folder is in src/main while it should be in src/main/resources. spring boot won't handle your static files unless they are first in src/main/resources then in public as the default folder that is exposed to the outside world.
Also in Java you should place classpath resources in src/main/resources or src/test/resources for tests.
I work on spring boot application. I'm trying to serve static content with spring.
want to serve a resource stored in the /c:/frontend/files/ directory whenever a request comes in for the URL matching the pattern: /file/**:
#Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry
.addResourceHandler("/file/**")
.addResourceLocations("file:///C:/frontend/files/" );
}
but when i try to access to this resource using this url: http://localhost:9999/file/app.min.js
I have this problem
There was an unexpected error (type=Not Acceptable, status=406).
Could not find acceptable representation
I resolved the problem. it's related to "spring-cloud-config-server". I just delete this config: org.springframework.cloud spring-cloud-config-server
It sounds like your project's folder structure is wrong.
Code should go under src/main/java and resources (like your javascript) should go under src/main/resources. You have a few different options where you can actually serve the files from. This post on the spring.io blog has the following to say:
Spring Boot will automatically add static web resources located within any of the following directories:
/META-INF/resources/
/resources/
/static/
/public/
Another option you also have is using webjars.
Personally, I've found it easiest to put those kind of files under src/main/resources/public. It always works without any issues for me. The interesting thing is you can put a folder named /public anywhere in your project and spring-boot will serve files out of it. You have to be really careful that it's under src/main/resources/public though if you're using a build tool like maven, as when you come to build your .jar the files won't be in the right place otherwise.
I have a Dropwizard/AngularJS website. I have my assets served from an AssetsBundle on the root directory:
public void initialize(Bootstrap<WebsiteConfiguration> bootstrap) {
bootstrap.addBundle(new AssetsBundle("/assets/", "/", "index.html"));
...
}
And I want to serve my REST endpoints on /services:
public void run(WebsiteConfiguration configuration, Environment environment) throws Exception {
environment.jersey().setUrlPattern("/service");
...
}
Based on documentation and answers I've seen elsewhere, this seems like it should work. However, I just tried it, and everything on /service is returning a 404. When I dug into the app through a debugger, it appears that it's because the requests are going through the AssetServlet, not through Jersey.
Am I missing something? Is there a good way to serve my front-end on the root directory and the REST services on a sub-path?
I also struggled with this issue some time ago. What helped me was adding these lines to the app.yml config file:
server:
type: simple
rootPath: '/rest/*'
applicationContextPath: /